DuckDuckGo, The Search Engine that Doesn’t Track You
Name: DuckDuckGo (Visit DuckDuckGo)
Type: Search Engine
Reason it's on The Best Sites:
And 45% Don't Know That Google Owns YouTube
In the wake of news about Cambridge Analytica obtaining the personal data Facebook kept on 50 million Americans, #DeleteFacebook went viral. And, as our recent survey revealed, about 60 percent of Americans plan to share less information with Facebook and nearly 40 percent are now more likely to delete their Facebook accounts. But there’s one big problem: a majority of Americans don’t know that Facebook also owns Instagram.
We surveyed 1,153 random U.S. adults (not just DuckDuckGo users), who collectively are demographically similar to the general population of U.S. adults. Surveys were taken on Mar 26th and 27th, 2018.
We found that 56.90 percent (± 2.86%) of respondents were unaware that Facebook owns Instagram.
And the problem isn’t just limited to Facebook/Instagram. We also found that almost half of the American population (44.67 ± 2.87%) did not know that Google owns YouTube.
Why is this a problem? Case in point:
In reaction to #DeleteFacebook, we’ve seen many disengage with Facebook in favor of Instagram, seemingly without realizing that the same company would be handling their personal data.
Quite simply, people who are unaware of the corporate parent ownership of Instagram and YouTube cannot make informed privacy decisions about using them. Facebook and Google amass huge data profiles about people, and can each combine Instagram or YouTube data into these profiles, respectively, further enabling hyper-targeting on their ad platforms.
Add to that the troves of data they’re already collecting on you through their massive tracker networks lurking behind most of the sites you visit, and the question then becomes what don’t they know about you instead of what do they know.
Bottom line: if you want to disengage fully with Facebook, you also need to disengage with Instagram, and also block Facebook's web trackers.
These results are based on the polling of a random sample of 1,153 American adults (18+) on March 26th and 27th, 2018 via SurveyMonkey's Audience platform, which ensures the demographic make-up of respondents is representative of the U.S. population. Survey respondents were paid and a confidence level of 95% was used for calculating the values above.
Survey Results from 1,153 Random U.S. Adults
Over the past week and a half, there has been a lot of excellent media coverage detailing how Cambridge Analytica was able to easily download the sensitive personal information of 50 million Facebook users after only getting questionable authorization from 270,000 people.
We wanted to understand how much awareness there has been of this incident and what behaviors and attitudes may have changed among those who are aware. To that end, we commissioned a survey of 1,153 random U.S. adults (not just DuckDuckGo users), who collectively are demographically similar to the general population of U.S. adults. Surveys were taken on Mar 26th and 27th, 2018. Here are the results.
We found that 85.34% +/- 2.04% of U.S. adults are aware of the Cambridge Analytica incident.
Deleting Facebook Accounts
Among those who are aware and who currently have a Facebook account, 37.00% +/- 3.39% state that they're now more likely to delete their Facebook account.
Sharing Less Personal Information with Facebook
Similarly, among those who are aware and who currently have a Facebook account, 60.82% +/- 3.42% plan to share less personal information with Facebook.
Trust in Facebook
More than half (56.00% +/- 3.10%) of those who are aware of the incident disagree with the statement, "I trust Facebook to take appropriate action to protect it's users' online privacy."
Regulation of Facebook
42.58% +/- 3.09% of respondents who are aware of the Cambridge data incident agree with the statement, "I believe the government should play a greater role in regulating how Facebook handles user data." Add to them the 21.44% +/- 2.56% who are neutral, and a solid majority (64.02% +/- 3.00%) are not opposed to the regulation of Facebook.
These responses differ significantly from those who haven't heard of the incident. 42.58% +/- 3.09% of those that have heard of the incident responded that they somewhat agree, agree, or strongly agree with the statement above. Compared with 30.18% +/- 6.92% of those who haven't heard about the incident, the relative change between those groups is 41.10% +/- 25.11%.
Concern for Online Privacy
Moving beyond Facebook, among those who are aware of the incident, 64.23% +/- 2.99% responded that they're now more concerned for their online privacy as a result of the event.
Seeking Tools/Services to Protect Online Privacy
Roughly half (51.12% +/- 3.12%) of those polled who are aware of the Cambridge Analytica incident are now more likely to seek out tools and services to protect their online privacy.
Even if you delete your Facebook account or stop visiting the website entirely, trackers from Facebook still lurk on about 25% of websites. Facebook can still use this tracking to create a "shadow" profile about you, and target ads at you via their audience ad network off of Facebook, or if you still use Facebook somewhat, use the browsing history they see to target ads at you on their site.
Privacy Tip: To prevent this ad targeting and additional data collection, you need to use a tracker blocker extension/app, like the one offered by us (DuckDuckGo) on all major browsers and platforms that also includes additional privacy essentials.
In just a week and a half, the Cambridge Analytica incident has had a major impact on Americans' sentiment toward Facebook and online privacy. We expect continued shifts in attitudes and behaviors about Facebook and other services as coverage continues to scrutinze poor privacy practices, and the dialogue turns to what we can do about them.
These results are based on the polling of a random sample of 1,153 American adults (18+) on March 26th and 27th, 2018 via SurveyMonkey's Audience platform, which ensures the demographic make-up of respondents is representative of the U.S. population. Survey respondents were paid and a confidence level of 95% was used for calculating the values above.
DuckDuckGo and Vivaldi Partner on Private Browsing Mode.
As regular readers of this blog will know, but sadly most people still do not, Private Browsing modes generally don’t prevent online tracking of your searches, and this includes everything you type into Google. Private browsing modes are designed to erase history information on your computer, but don’t do much to prevent the sites you visit from tracking and monitoring your behavior to build up personal profiles.
In addition, searches in Private Browsing mode are usually performed using the default search engine. This means a non-private search engine will continue to use tracking methods such as collecting your IP address or browser fingerprinting. So really that Private Browsing mode isn’t so private after all.
Recently we gave our browser extensions a boost with more features that are meant to protect you, bundling essential privacy features such as tracker blocking and an encryption protection feature that automatically sends you to an encrypted version of a website (if there is one), instead of accepting a default non-encrypted version.
We continue to focus on expanding our privacy ecosystem by partnering with premium privacy companies to offer private search. Our most recent exciting news is that we have partnered with Vivaldi Browser to help them become the first browser to enable private search by DuckDuckGo as the default in their Private Window mode.
Why is this important?
The first thing many people do when opening a Private Window is search the web. Unfortunately they immediately expose themselves to tracking if they are not using DuckDuckGo. Now in Vivaldi, the moment you start using private browsing mode, your search is private as you'd expect — no need to change anything. Your searches and personal information will not be collected or shared while using Private Windows, in addition to the privacy protection features that Vivaldi gives you by default.
With users often keeping default settings in software, this addition to the latest version of Vivaldi is an important step towards both convenience and privacy.
Help double our donations and support online privacy.
The campaign has now finished. Thank you to all those who donated and please continue to support these organizations that work for our privacy.
We're excited to announce that we're donating half a million dollars to non-profits that share in DuckDuckGo's vision of raising the standard of trust online, and we need your help!
Since 2011 we've donated $800,000 to projects that are working to spread Internet privacy, and this year we're taking it up a notch with the DuckDuckGo Privacy Challenge crowdfunding campaign. With your participation via donations and spreading the word, we could dramatically increase the amount of money that's donated to these amazing organizations.
Starting today, we're supporting more than 20 non-profit organizations through a massive privacy crowdfunding campaign hosted by CrowdRise, the world's biggest fundraising platform for charitable giving. Suggestions for the participating organizations were crowdsourced from you, the DuckDuckGo community, and all of these impactful projects either directly enable you to be more private online, or help defend your rights to online privacy. You can explore their work from the campaign page here: https://www.crowdrise.com/duckduckgoprivacychallenge.
How it works
From now through April 10th, we'll be running this friendly crowdfunding campaign for organizations committed to protecting the privacy of personal information on the Internet. The projects will compete for $500,000 in prizes to help further their missions.
In particular, we will match every donation received online by each participating organization, up to $3,000. We will also award 16 grand prizes, with $50,000 to the organization that raises the most money during the challenge. Finally, each organization can also benefit from weekly bonus challenges whose prizes total $247,000.
Your donations will directly impact the funding each organization can receive, hopefully leveraging our $500,000 to much more than we can achieve individually.
How you can help
It's easy to get started:
- Visit the DuckDuckGo Privacy Challenge page, or view the individual profiles from the list below to support the work of these organizations.
- Please spread the word to increase awareness of the DuckDuckGo Privacy Challenge. The more you share, the greater the impact we can all make for these wonderful organizations. You can share the CrowdRise challenge URL (https://www.crowdrise.com/duckduckgoprivacychallenge) with your network via email or on social media (with the hashtag #FundPrivacy2018).
- If you make a donation, let your online community know about it and encourage them to consider doing the same.
Over the next four weeks, we can make a huge impact together, ensuring better privacy for you, your family and friends, and Internet users worldwide. Thank you for your participation.
- Access Now
- Bits of Freedom
- Center for Democracy and Technology
- Demand Progress
- Emerald Onion
- Fight for the Future
- Freedom of the Press Foundation
- Freenet Project
- Internet Freedom Festival
- Let's Encrypt
- New Media Rights
- Privacy Rights Clearinghouse
- Restore the 4th
- Riseup Labs
- The Tor Project
- Terms of Service; Didn't Read
- The Calyx Institute
- World Privacy Forum
In a previous post we saw the effect of encryption, trying to make content unreadable to anyone watching your traffic. Great, you may think, my DuckDuckGo searches are safe! Yes, but only if it's really DuckDuckGo at the other end of your connection. There are two parts to sending information securely over the Internet, whether it's private messaging, private web browsing or any other private data transfer, and encryption is only half the story.
- Encryption: Encoding the information so that it can't be read by anyone without the correct key.
- Identity verification: Verifying that the person or thing at the other end of the connection is really who they say they are.
Security certificates play a vital role in this verification and you may have seen warning messages in your browser about certificates being out of date or somehow incorrect. Let's look at how these certificates are used so you can hopefully have more trust in your online interactions and make informed choices when warnings appear.
What is a certificate and who checks it?
Like everything on your computer or device, certificates are just files containing data. They're relatively small and contain details such as their date of issue and expiry, what domain they're valid for, who issued them and a supposedly unique, unfakeable "signature" made of letters and numbers called a hash*.
In some ways a security certificate is like a passport for a website — it verifies its identity — but you can't be expected to examine the certificate of every server (computer) on the web so, thankfully, your browser does that for you in the background. It's like your own personal passport control official. Every website you try to securely connect to has to present its certificate to your browser which makes various checks. If something's wrong such as the certificate being expired, its domain name not matching the one you're trying to access, or an incorrect signature, your browser will either show you a warning or simply block the site completely. As you can see, we place incredible trust in the browsers we use everyday but how do they know who to trust?
Who issues the certificates?
Browsers can't be expected to know about every certificate on the Internet so instead they rely on core Certification Authorities (CA) — organizations that are verified by browser vendors. All browsers contain a list of certificates issued by trusted CAs called root certificates and they're the foundation of a chain of trust consisting of further certificates. Similar to a national passport issuing authority, the certificate issuers should make proper checks to verify the details of the people or organization controlling the website requesting a security certificate. The security of the Internet relies on this chain of trust and there are serious consequences if it's ever at risk, as was seen in April 2015 when a major root certificate authority was removed from browsers after the discovery of a rogue certificate. Incidentally it is possible to make your own "self-signed" certificate, just as it's possible to create your own passport, but it won't be officially recognized.
Isn't it possible to spoof the certificates?
Certificates rely on various things to be secure and trustworthy — the strength of the algorithm to create the signature and the competence of the issuing authority, for example. These naturally improve over time as knowledge and research findings spread, just as weaknesses in older methods appear. There have been cases of certificate spoofing and there may be again, but the likelihood is ever-decreasing.
So certificates make everything OK?
They're a great technology and work well. The fact that most people don't know of their existence despite using them every day shows how elegantly the system works. However, as long as there are systems to protect us there are people trying to defeat that protection. In the case of security certificates, there have been instances of ISPs, workplaces and even computers and tablets intercepting secure Internet connections using their own certificates. Instead of a single secure connection to your bank, for example, there might be a secure connection to your ISP and then a separate secure connection to your bank. Technically it seems secure but actually traffic is intercepted presumably without the user's knowledge. Fortunately the security community is full of helpful experts who look out for such untrustworthy behavior and spread the news quickly so it can be fixed (or avoided). It's also possible to check certificates yourself if you get suspicious.
How can I check certificates myself?
Usually within your browser you can click on the small padlock image next to the address bar, which only appears for secure sites, i.e. those beginning with
https://. Then there should be a button to open the details of the certificate for you to view. Make a point of checking who the issuing authority is, what domain it's for (hopefully the one you're visiting!), when the expiry date is, and so on.
So with your newly-acquired certificate skills, what should you do? Well, nothing really. Continue to use the Internet as you normally do, albeit with hopefully a better understanding of the technology in place to protect you. If you do come across a certificate warning, however, now you should be able to investigate and decide for yourself how best to proceed. It may be a simple blog with a certificate that expired yesterday, or it may be a suspicious domain that's masquerading as your bank. Either way, it's good practice to let the website owners know and do your bit to keep everyone safer on the Internet.
Recommended reading: What is SSL and what are Certificates?
* A hash is created from some content in a one-way process so that any change to the content would generate a different hash. For example, imagine burning a printed document and closely examining the remaining ashes. If you edited, re-printed and burnt the document again the chemical composition of the resulting ashes would be (ever-so-slightly) different. It's also impossible to discover the content of the document just by examining the ashes, which is the same as with a hash.
When surfing the web, you want to keep your personal information private, not leaving it open to be spied on by Internet Service Providers or other people on your network. For this purpose, an increasing number of websites and services are using secure web connections, shown by a padlock or similar indication in your browser's address bar. Such websites use "
https://" at the beginning of their address rather than "
http://". Think of it as automatic encryption. But what protection does that give you? How much of your surfing data is secure?
To find out, I'm going to use packet analyzing software to spy on myself as I browse the web and see what information is visible. Such software makes it possible to capture and examine traffic on a network, seeing the raw data that is sent between devices. The software I'm using is called Wireshark, which is free and open source, but there are many other similar tools available. The following is a crude test but I hope to show what that little padlock means in most circumstances.
Firstly let's look at the content of a basic web page. The standard example website used by many tutorials is example.com which helpfully has both an encrypted (secure) and unencrypted version. The content is simply a short message and a link saying "More information." In Wireshark I searched for the word "information" and this is the result:
As you can see, it found the word "information" together with the rest of the page's content. In other words, everything I can see in the browser is also easily visible to anyone sharing my network or spying on my connection.
With the secure version, however, the content is encrypted and although Wireshark shows lots of packets of data, it's not clear what they contain.
Now we've seen the effect of a secure connection, let's see what other information it hides starting with the most fundamental — the domain name. This is the part of the web address (URL) that ends in
.org or similar. I'm switching websites this time and capturing data packets when I visit duckduckgo.com which is secure by default — we can tell by the "
https://" at the beginning of the address. Looking at Wireshark's results, I quickly find a data packet containing the domain name, as you can see:
It may be surprising that the domain name is clearly visible but not only is it normal, it's essential. Without it, your router and Internet servers beyond wouldn't know where to send your requests for web pages. It's a bit like the luggage tag that's put on your suitcase when you check in at an airport — it needs to be visible for the various staff to send it to the right city.
Sub-domains are areas within a domain. If we stick with the airport analogy, they're the equivalent of having one or more airports within a city. Consequently sub-domain names, for example safe.duckduckgo.com, are also visible within data packets even over a secure connection.
This is where things get reassuring. Like your luggage when it arrives at an airport, there's no need for its subsequent precise destination to be public. In the case of data packets, only the server at the destination domain (or sub-domain) should be able to decrypt the precise destination and so directory and page names are therefore not visible to external observers. This includes other parameters in the address such as
Finally, what about web forms which are often used for sensitive personal data? Sometimes this is sent as part of a web page's address, in which case we now know it's safely encrypted. Many times it's not however, and is sent by the browser passing on your information in the background. Fortunately this is treated similar to other content and encrypted when a secure connection is used. In fact when checking data packets I was not even able to tell what was form data, what was a page name and what was regular content. This is how it should be when data is encrypted.
So as you can see, it's simple to summarize what data is protected when using a secure web connection:
- Domain and sub-domain in the URL: Unencrypted, i.e. visible
- Remainder of the URL: Encrypted, i.e. hidden
- All other page and form data: Encrypted, i.e. hidden
You may think you don't need such protection and that Internet spying only happens on a large scale or to high-profile people, but in fact when you're in a cafe, hotel, workplace or even in your own home, it's still possible for someone to monitor your data as shown in this experiment. Using secure web connections is an easy way to increase your privacy.
Unfortunately you can only use a secure web connection with websites that support it. DuckDuckGo search is secure by default of course, but there are many websites that aren't. However, we've released a browser extension and mobile app that will make sure encryption is used when available (in addition to other privacy features). It works in the background, silently redirecting you to secure connections when it can. We recommend installing it for your regular mobile and desktop web browsing, as well as keeping an eye on the address bar to look out for that padlock.
Today is the 11th annual Data Privacy Day. If you're going to make real progress in your data privacy this year, you must do something about your Google and Facebook use. Here's why and how:
I've also covered this in more detail in this op-ed on CNBC.
As explained above, here are the steps to take back your privacy online:
- Live Google-free with our recommendations for alternatives to Google services.
- Reduce your Facebook usage as much as possible. I've personally been living Facebook-free for many years.
- Get the DuckDuckGo browser extension and mobile app that blocks Facebook and Google hidden trackers and contains other privacy essentials: additional tracker blocking, smarter encryption, private search, and more.
- Make your devices more private with our device privacy tips.
Happy Data Privacy Day!
DuckDuckGo moves beyond search to also protect you while browsing.
Over the years, DuckDuckGo has offered millions of people a private alternative to Google, serving over 16 billion anonymous searches. Today we're excited to launch fully revamped versions of our browser extension and mobile app, extending DuckDuckGo's protection beyond the search box to wherever the Internet takes you.
It’s hard to use the Internet without it feeling a bit creepy – like there’s a nosey neighbor watching everything you do from across the street. Except, instead of a nosey neighbor, it’s a vast array of highly sophisticated tracker networks, run by big companies like Google and Facebook, recording everything you do online, often without your knowledge, and selling their findings to the highest bidder via targeted ads. While closing the blinds at home can put a stop to your neighbors, there isn’t something that simple that can work online. Until now.
Today we’re taking a major step to simplify online privacy with the launch of fully revamped versions of our browser extension and mobile app, now with built-in tracker network blocking, smarter encryption, and, of course, private search – all designed to operate seamlessly together while you search and browse the web. Our updated app and extension are now available across all major platforms – Firefox, Safari, Chrome, iOS, and Android – so that you can easily get all the privacy essentials you need on any device with just one download.
The DuckDuckGo browser extension and mobile app will also now show you a Privacy Grade rating (A-F) when you visit a website. This rating lets you see at a glance how protected you are, dig into the details to see who we caught trying to track you, and learn how we enhanced the underlying website's privacy measures. The Privacy Grade is scored automatically based on the prevalence of hidden tracker networks, encryption availability, and website privacy practices.
To date, cobbling together an effective privacy solution has required researching complicated technologies, installing multiple add-ons and apps on each device, and often worsening your Internet experience. Others have been unfortunately misled by supposed simple solutions. Think “Incognito” mode blocks Google from watching what you’re doing? Think again. Private browsing modes are marketed to make you think that if it's not in your device’s browser history, it never happened. Sadly, that couldn't be further from the truth.
With the new DuckDuckGo browser extension or mobile app, you are now able to seamlessly:
Expose and Block Tracker Networks Watching You
The vast majority of websites across the Internet contain hidden tracker networks, with Google trackers now lurking behind 76% of pages, Facebook’s trackers on 24% of pages, and countless others soaking up your personal information to follow you with ads around the Web, or worse. Our Privacy Protection will block all the hidden trackers we can find, exposing the major advertising networks tracking you over time, so that you can track who's trying to track you.
Increase Encryption Protection
While not all sites offer an encrypted version, thankfully this has been rapidly changing. If we discover a site offers an encrypted version but does not send you to it automatically, DuckDuckGo will. This encryption protects you from eavesdroppers, like ISPs, grabbing up your personal information as it travels across the Internet between you and the websites you visit.
Most privacy policies are difficult to understand, and aren’t reviewed closely enough. Even if we block all the tracker networks we find, and even if we upgrade encryption, a website could still be using your data for nefarious purposes, such as selling it to third parties.
We’ve partnered with Terms of Service Didn't Read (TOSDR) to include their scores of website terms of service and privacy policies, where available. However, because most privacy policies still remain unstudied, we’re working with TOSDR to help them to rate and label as many websites as possible.
Of course, our app and extension also include DuckDuckGo private search! You share your most personal information with your search engine, like your financial, medical, and political questions. What you search for is your own business, which is why DuckDuckGo search doesn’t track you. Ever.
Once you start using the new app and browser extension, you’ll quickly notice something: hardly any website currently gets an "A" on privacy. That’s because hardly any website out there truly prioritizes your privacy.
Because of these widespread poor privacy practices, too many people believe you simply can’t expect privacy on the Internet. We disagree, and have made it our mission to set a new standard of trust online. We want privacy to be the default, not the exception, and this launch is a major step in that direction.
For the last decade, DuckDuckGo has been giving you the ability to search privately, but that privacy was only limited to our search box. Now, when you also use the DuckDuckGo browser extension or mobile app, we will provide you with seamless privacy protection on the websites you visit. Our goal is to expand this privacy protection over time by adding even more privacy features into this single package. While not all privacy protection can be as seamless, the essentials available today and those that we will be adding will go a long way to protecting your privacy online, without compromising your Internet experience.
As more people start taking their privacy back online, the companies who make money off our personal information will be put on more notice and we’ll collectively raise the Internet’s privacy grade, ending the widespread use of invasive tracking. True to the collective nature of this effort, we’re also building our extension and app in the open with all of the code available on GitHub, so we invite you to join us.
DuckDuckGo and Brave Partner on Private Browsing Mode.
As we've highlighted before, Private Browsing mode, which is widely available in web browsers, is actually not as private as people think. Although it removes traces of web browsing sessions from your device, it doesn't remove all traces online — websites can still track you and monitor your behavior to build up personal profiles.
Not only that, searches in Private Browsing mode are usually performed using the default search engine. This means a non-private search engine will continue to use tracking methods such as collecting your IP address or browser fingerprinting, which is sadly ironic given that our research has shown that "embarrassing searches" is the top reason for people to choose Private Browsing mode!
To fix this, we've worked with Brave to offer the ability to easily enable private search within their private tabs. In the Brave desktop browser (coming to mobile soon), when you open a private tab you'll be presented with an option to select DuckDuckGo as your default private search engine. The result is that your searches and personal information will not be collected or shared while using private tabs, in addition to the privacy protection features that Brave gives you by default.
This is a significant step towards giving users more control of their personal information and one we hope other browsers will adopt soon. In Private Browsing mode people expect private searches. With this integration, that's made simple.
As we start 2018, we're proud to look back on a banner year for DuckDuckGo: 55% growth in daily private searches, $400,000 in donations to privacy organizations, new major partnerships with Samsung and Brave, and a lot of privacy education, all in service of our vision to raise the standard of trust online.
In 2017, people all over the world were greeted with nearly daily reminders in the news and elsewhere that their personal information isn't safe online. As a result, privacy continued its growing relevance among mainstream audiences and people came to DuckDuckGo in search of (pun intended!) peace of mind. Here, they found an improved search engine that kept people coming back, with a continued focus on relevancy, especially in local and news results.
These were just some of the driving factors behind our best year to date with nearly six billion private searches. That's up about 50% from four billion in 2016. 36% of all searches ever entered on DuckDuckGo in our ten-year lifespan were conducted in 2017 alone. We started last year averaging about 12 million private searches daily, and ended the year at about 19 million, an increase of about 55%, averaging over 15 million daily private searches for the year.
All this growth enabled us to support more privacy initiatives than ever before, with donations totaling $400,000 to privacy-advocacy organizations including Freedom of the Press Foundation, World Privacy Forum, Open Whisper Systems, Privacy Rights Clearinghouse, Tor Project, and the Electronic Frontier Foundation (EFF). 2017 was our seventh year of making privacy donations, and we're already gearing up for a bigger 2018.
In 2017, we also reached two major partnerships with Samsung and Brave. DuckDuckGo is now a built-in search option within Samsung's Internet browser across all their devices, and also available as an opt-in search engine within Brave private tabs. Most people over-estimate the amount of protection private browsing provides. This Brave integration helps address a top misconception that private browsing mode automatically makes all searches private. It doesn't — you need DuckDuckGo for that!
Finally, we spent a lot of effort last year on privacy education:
- We launched this blog and put out Device Privacy Tips Guides;
- We launched a newsletter explaining privacy concepts (full content here);
- We expanded our social media efforts to bring you daily privacy tips on the major platforms.
So what lies ahead in 2018? You can of course expect more of the same: better search, more privacy donations, more partnerships, more privacy education.
In addition, and in line with our vision of raising the standard of trust online, we have some exciting updates in store for 2018 that will help you protect your privacy beyond search. We can’t wait to share them with you, so stay tuned for announcements. In the meantime, we'd like to thank you all for your continued support and feedback, and wish you a very Happy New Year!
A few months ago, we published research showing significant privacy actions are now mainstream. We've now done some follow-up research to further define this group of people who currently care deeply enough about their online privacy to take significant actions to try to protect it. We found that among U.S. adults, this group now makes up 24% of the population.
This number is based on a new survey we commissioned among 2,025 U.S. adults during October 2017, using SurveyMonkey's Audience platform where the demographic make-up of respondents was controlled to reflect the U.S. adult population.
To qualify as part of this group, respondents had to both express deep concern for their online privacy, and have taken at least one significant action to protect it. Specifically, to gauge deep concern, survey takers had to say that privacy was "Extremely important" in their "next device purchase," and that one of the top two motivating factors to consider switching their search engine is "if it didn't collect any personal data about me or my searches."
For significant privacy actions, respondents had to either "install browser extensions to block web trackers" or enabled the "Do Not Track" setting in their browser.
Nearly one quarter of the population is by no means a small number and this group is certainly not "niche." Privacy is both mainstream and growing. With increasingly invasive advertising, devastating data breaches, and ramping up regulatory focus, we expect this segment to continue to grow. We find that as the population becomes more educated about online privacy, more and more people join this group that both cares deeply about and significantly acts on their online privacy concerns.
It's easy to underestimate how awesome encrypted internet connections are. Sure, they may not sound exciting, but without them, things like our financial details, medical histories, and relationship problems would all be visible to internet providers, or even people on the same network as you. Without secure connections, when you're checking your bank statement in a coffee shop, Secretive Sam in the corner could be checking your bank statement too!
Such eavesdropping is prevented by visiting a website over a secure connection. When you do so, only the website's domain name is visible to others (e.g. the "duckduckgo.com" part), and not the page content itself, or any other data such as search terms you might send with it or type into the page after it loads. As long as your connection is encrypted, everything after the domain name cannot be seen by any servers in between you and the website.
An apt metaphor is checking your locked luggage at an airport. Anyone can read the tag on your suitcase to see where it's heading, but the contents are locked away and can't be seen by other travelers or airport staff. On the other hand, data sent over an unsecure connection would be like a transparent suitcase with everything on show — even those embarrassing but oh-so-comfy pyjamas!
So, how can you make sure you're using a secure connection? Unfortunately this relies on websites supporting the ability to do so, though fortunately it's easy to check! In your web browser (the software you use to see websites), just look for a padlock or the text "https" (and not just "http") in the address bar at the top of the browser.
The good news is that now more than 60% of web traffic is securable. In other words, most web browsing can be done over an encrypted connection. However, not all websites send you to their secure version by default, so we recommend using our mobile app and browser extension which, along with other privacy features, automatically forces a secure connection when there's one available.
Here's how it works differently than a VPN. Imagine you want to send a letter anonymously. You could use a trusted courier to deliver it directly without others knowing or revealing your identity. That's roughly how a VPN works. Alternatively, you could use the regular postal service, dropping the letter in a mailbox from which it gets routed through various post offices until it reaches its destination. That's roughly how Tor works.
So what's the catch? Why isn't everyone using Tor? Well, like the letter analogy above, your data is taking the scenic route to get to its destination, not the fast, direct route. This longer route makes surfing the internet slower. You also need to connect to the Tor network before you start browsing, similar to connecting to a VPN, although Tor software makes this easy with options for desktop and mobile:
- Tor Browser: A complete anonymizing browser for Windows, Mac and Linux.
- Orbot: Tor connection for Android, to use with your existing browser.
- Onion Browser: A Tor browser for iOS.
While Tor can't guarantee anonymity, it's the best choice for protecting your identity online.
Computers, smartphones and internet-connected gadgets have made our lives easier to the point where we'd be stuck without them. The flip side is the more we rely on them, the more data passes through them and potentially out of our control. Sadly, these devices are often poorly privacy protected, for example a 2016 study of Android devices showed a shocking 34% of users don't even have a passcode set!
But never fear — we're here to help you avoid being a scary statistic. We've compiled step-by-step guides to protecting your privacy on these devices:
We encourage you to go through the guides relevant for your devices for specific tips including screenshots, though regardless of device, here are some steps that everyone should take:
- Set a password or passcode.
- Encrypt your computer and phone.
- Don't use an admin account for daily use.
- Remove unneeded apps and extensions.
- Keep your devices up-to-date.
- Review which apps can access your personal data.
- Use a mobile app or browser extension that protects your privacy as you surf the web.
These steps are simple, quick, and yet go a long way to keeping your personal information safe and helping you sleep soundly at night.
You already know that using DuckDuckGo keeps your searches private, though what about when you click on a search result?
Websites you visit, Internet Service Providers (ISPs), or anyone connected to your network, can see your browsing activity through your computer's virtual ID (IP address). So-called "incognito mode" doesn't protect you from this snooping — that mode actually doesn't keep anything private outside of your physical computer!
A Virtual Private Network (VPN) can offer you a degree of anonymity, by masking your computer's IP address from everyone but the VPN provider. It effectively provides a secret tunnel from your phone or computer to the internet through the VPN, blocking others from peeping in. Everyone then just sees the VPN browsing these sites, and not you personally.
After signing up for a VPN service and enabling it on your devices, your traffic is protected. Note, however, that it's technically possible for your VPN provider to still spy and record all your internet activity. For this reason, you should fully trust the VPN provider you use.
How to choose from the many VPN providers out there? Here are some important factors to think about:
- Cost. There are some free services, but you're likely to end up paying with personal data, so we recommend looking for a paid service that suits your budget.
- Speed. VPN providers sometimes publish their connection speeds, but the best way to avoid a slow service is to sign up for a trial and run a connection speed test before and after enabling.
- Location. You may prefer VPNs hosted in certain countries for accessing location-specific content, so check their website to see where their servers are. In many cases you'll be able to choose which country server to connect to.
There are 100s of VPN providers to choose from, so check your favorite review sites for further guidance, such as this VPN comparison chart from PCMag. If you'd prefer an easy choice, Private Internet Access is what we use internally at DuckDuckGo.